From derby-user-return-14736-apmail-db-derby-user-archive=db.apache.org@db.apache.org  Mon Nov 26 20:02:20 2012
Return-Path: <derby-user-return-14736-apmail-db-derby-user-archive=db.apache.org@db.apache.org>
X-Original-To: apmail-db-derby-user-archive@www.apache.org
Delivered-To: apmail-db-derby-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 5D674E5DB
	for <apmail-db-derby-user-archive@www.apache.org>; Mon, 26 Nov 2012 20:02:20 +0000 (UTC)
Received: (qmail 7812 invoked by uid 500); 26 Nov 2012 20:02:20 -0000
Delivered-To: apmail-db-derby-user-archive@db.apache.org
Received: (qmail 7787 invoked by uid 500); 26 Nov 2012 20:02:20 -0000
Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:derby-user-help@db.apache.org>
list-unsubscribe: <mailto:derby-user-unsubscribe@db.apache.org>
List-Post: <mailto:derby-user@db.apache.org>
List-Id: <derby-user.db.apache.org>
Reply-To: "Derby Discussion" <derby-user@db.apache.org>
Delivered-To: mailing list derby-user@db.apache.org
Received: (qmail 7778 invoked by uid 99); 26 Nov 2012 20:02:20 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Nov 2012 20:02:20 +0000
X-ASF-Spam-Status: No, hits=-2.3 required=5.0
	tests=RCVD_IN_DNSWL_MED,SPF_PASS,UNPARSEABLE_RELAY
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of rick.hillegas@oracle.com designates 141.146.126.69 as permitted sender)
Received: from [141.146.126.69] (HELO aserp1040.oracle.com) (141.146.126.69)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Nov 2012 20:02:09 +0000
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238])
	by aserp1040.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id qAQK1leU003053
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <derby-user@db.apache.org>; Mon, 26 Nov 2012 20:01:48 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158])
	by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id qAQK1k7g009207
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <derby-user@db.apache.org>; Mon, 26 Nov 2012 20:01:47 GMT
Received: from abhmt118.oracle.com (abhmt118.oracle.com [141.146.116.70])
	by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id qAQK1kFT011957
	for <derby-user@db.apache.org>; Mon, 26 Nov 2012 14:01:46 -0600
Received: from dhcp-amer-vpn-rmdc-anyconnect-10-159-89-126.vpn.oracle.com (/10.159.89.126)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Mon, 26 Nov 2012 12:01:46 -0800
Message-ID: <50B3CAAA.70507@oracle.com>
Date: Mon, 26 Nov 2012 12:01:46 -0800
From: Rick Hillegas <rick.hillegas@oracle.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: derby-user@db.apache.org
Subject: Re: Backup using SYSCS_UTIL.SYSCS_BACKUP_DATABASE with required authentication
References: <CAEbH18YM+tAx7x1TMe8XW_ogcxrcK8199OkkLntnaZ_EFq_tkg@mail.gmail.com>
In-Reply-To: <CAEbH18YM+tAx7x1TMe8XW_ogcxrcK8199OkkLntnaZ_EFq_tkg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
X-Virus-Checked: Checked by ClamAV on apache.org

Hi Stefan,

I am not able to reproduce the behavior you are seeing. The following 
script works fine for me when I use Derby 10.8.2.2:

connect 'jdbc:derby:memory:db;create=true';

CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication', 
'true');
CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider', 
'BUILTIN');

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.DBUSER1', 
'password');
CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.defaultConnectionMode', 
'readOnlyAccess');
CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.fullAccessUsers', 
'DBUSER1');

CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.propertiesOnly','false');


connect 'jdbc:derby:memory:db;shutdown=true';

-- fails because authentication is on but no password is supplied
connect 'jdbc:derby:memory:db;user=DBUSER1';

-- succeeds
connect 'jdbc:derby:memory:db;user=DBUSER1;password=password';

-- succeeds
call SYSCS_UTIL.SYSCS_BACKUP_DATABASE( 'backups' ) ;

A further comment inline...

On 11/26/12 11:31 AM, Stefan R. wrote:
> Hi,
> in one of our web apps we activated derbys builtin user authentication 
> for the databases. We are using Derby 10.8.2.2
>
> The app is triggering a backup task, which executes 
> SYSCS_UTIL.SYSCS_BACKUP_DATABASE over a JDBC connection. This throws 
> an exception saying: the connection could not be authorized.
This suggests that the app couldn't even establish a connection. The app 
never got to the step of attempting a backup. I would recommend 
double-checking the credentials.

Hope this helps,
-Rick
>
> The following statements have been used to activate authentication:
>
> --------------------
> CALL 
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication', 
> 'true');
> CALL 
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider', 'BUILTIN');
>
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.DBUSER1', 
> 'password);
> CALL 
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.defaultConnectionMode', 
> 'readOnlyAccess');
> CALL 
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.fullAccessUsers', 
> 'DBUSER1);
>
> CALL 
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.propertiesOnly','false');
> --------------------
>
> So, DBUSER1 should have full access.
>
> Are there any restrictions to SYSCS_UTIL functions for 
> fullAccessUsers? How to authorize these?
>
> Thanks for your input,
> Stefan
>